Milos Prudek wrote:
> Hi,
>
> I suspect that my email server has been cracked. How do I make sure it
> happened?
>
> I verified via external website service that my server is not an open relay.
>
> I verified that my server is not listed at spamhaus RBL (yet).
>
> However, /var/log/mail contains a huge number of lines like this one:
>
> Sep 17 18:23:58 mail postfix/error[31376]: C9D81529A036:
> to=<[EMAIL PROTECTED]>, relay=none, delay=39275, delays=39275/0.19/0/0.2,
> dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to
> 127.0.0.1[127.0.0.1]: Connection refused)
>
> There are about 100 such lines every second. The "to=" address is different
> each time, but the rest is the same. Is it my server refusing spam, or is it
> my server sending spam?
>

Welcome to the list. It seems you missed the critical welcome message:

To Report a problem: http://www.postfix.org/DEBUG_README.html#mail

You need to figure out which service is connection denied on localhost.

See also http://www.postfix.org/DEBUG_README.html#logging

Brian
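
An added example, not part of the original thread: lines carrying `to=` and `status=` are written by Postfix delivery agents for mail that is already in the queue, so one way to triage a log like the one quoted above is to join them by queue ID with the `client=`/`uid=` and `from=` lines that show how each message entered. The log lines, hosts, addresses and queue IDs in `SAMPLE` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Postfix syslog format; hosts, addresses and queue IDs are made up.
SAMPLE = """\
Sep 17 07:29:23 mail postfix/smtpd[30112]: C9D81529A036: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=info
Sep 17 07:29:23 mail postfix/qmgr[2210]: C9D81529A036: from=<info@example.com>, size=2048, nrcpt=2 (queue active)
Sep 17 18:23:58 mail postfix/error[31376]: C9D81529A036: to=<a@example.org>, relay=none, delay=39275, delays=39275/0.19/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)
Sep 17 18:23:58 mail postfix/error[31376]: C9D81529A036: to=<b@example.net>, relay=none, delay=39275, delays=39275/0.19/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)
Sep 17 18:24:01 mail postfix/pickup[2209]: 1F3A0529A040: uid=1000 from=<alice>
Sep 17 18:24:01 mail postfix/qmgr[2210]: 1F3A0529A040: from=<alice@example.com>, size=512, nrcpt=1 (queue active)
Sep 17 18:24:02 mail postfix/local[31380]: 1F3A0529A040: to=<root@example.com>, relay=local, delay=0.4, delays=0.2/0.1/0/0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

QID = r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-Za-z]{6,}): "
ORIGIN = re.compile(QID + r"(?P<origin>(?:client|uid)=.*)$")      # smtpd / pickup: how the mail entered
SENDER = re.compile(QID + r"from=<(?P<sender>[^>]*)>, size=\d+")   # qmgr: envelope sender
DELIVERY = re.compile(QID + r"to=<(?P<rcpt>[^>]*)>, .*?delay=(?P<delay>[\d.]+), "
                      r".*?status=(?P<status>\w+) \((?P<reason>.*)\)$")  # delivery agents

def summarize(lines):
    """Group lines by queue ID: where each message entered and what happened per recipient."""
    msgs = defaultdict(lambda: {"origin": None, "sender": None, "rcpts": set(),
                                "status": Counter(), "max_delay": 0.0, "reasons": set()})
    for line in lines:
        line = line.rstrip()
        if m := ORIGIN.search(line):
            msgs[m["qid"]]["origin"] = m["origin"]
        elif m := SENDER.search(line):
            msgs[m["qid"]]["sender"] = m["sender"]
        elif m := DELIVERY.search(line):
            rec = msgs[m["qid"]]
            rec["rcpts"].add(m["rcpt"])
            rec["status"][m["status"]] += 1
            rec["max_delay"] = max(rec["max_delay"], float(m["delay"]))
            rec["reasons"].add(m["reason"])
    return msgs

def deferred(msgs):
    """Messages with deferred deliveries, most recipients first."""
    rows = [(qid, r) for qid, r in msgs.items() if r["status"]["deferred"]]
    return sorted(rows, key=lambda row: len(row[1]["rcpts"]), reverse=True)

if __name__ == "__main__":
    for qid, r in deferred(summarize(SAMPLE.splitlines())):
        print(f"{qid} from=<{r['sender']}> entered via {r['origin']}: "
              f"{len(r['rcpts'])} recipients deferred, oldest {r['max_delay'] / 3600:.1f} h")
        for reason in sorted(r["reasons"]):
            print("   ", reason)
```

To run it against a real log, pass the open file object to `summarize()` in place of `SAMPLE.splitlines()`; the origin lines for old queue IDs may sit in rotated log files.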